[RLSA-2022:8098] toolbox security and bug fix update

Severity Moderate

Affected Packages 4

CVEs 4

An update is available for toolbox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.

Security Fix(es):

golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/rockylinux/toolbox?arch=x86_64&distro=rockylinux-9	< 0.0.99.3-5.el9.rocky.0.1
pkg:rpm/rockylinux/toolbox?arch=aarch64&distro=rockylinux-9	< 0.0.99.3-5.el9.rocky.0.1
pkg:rpm/rockylinux/toolbox-tests?arch=x86_64&distro=rockylinux-9	< 0.0.99.3-5.el9.rocky.0.1
pkg:rpm/rockylinux/toolbox-tests?arch=aarch64&distro=rockylinux-9	< 0.0.99.3-5.el9.rocky.0.1

ID

RLSA-2022:8098

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2022:8098

Published

2022-11-15T06:15:31
(22 months ago)

Modified

2023-02-04T08:59:12
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-1705	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
CVE	CVE-2022-30630	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630
CVE	CVE-2022-30631	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631
CVE	CVE-2022-30632	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632
Bugzilla	2089194	https://bugzilla.redhat.com/show_bug.cgi?id=2089194
Bugzilla	2107342	https://bugzilla.redhat.com/show_bug.cgi?id=2107342
Bugzilla	2107371	https://bugzilla.redhat.com/show_bug.cgi?id=2107371
Bugzilla	2107374	https://bugzilla.redhat.com/show_bug.cgi?id=2107374
Bugzilla	2107386	https://bugzilla.redhat.com/show_bug.cgi?id=2107386
Self	RLSA-2022:8098	https://errata.rockylinux.org/RLSA-2022:8098

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/toolbox?arch=x86_64&distro=rockylinux-9	rockylinux	toolbox	< 0.0.99.3-5.el9.rocky.0.1	rockylinux-9	x86_64
Affected	pkg:rpm/rockylinux/toolbox?arch=aarch64&distro=rockylinux-9	rockylinux	toolbox	< 0.0.99.3-5.el9.rocky.0.1	rockylinux-9	aarch64
Affected	pkg:rpm/rockylinux/toolbox-tests?arch=x86_64&distro=rockylinux-9	rockylinux	toolbox-tests	< 0.0.99.3-5.el9.rocky.0.1	rockylinux-9	x86_64
Affected	pkg:rpm/rockylinux/toolbox-tests?arch=aarch64&distro=rockylinux-9	rockylinux	toolbox-tests	< 0.0.99.3-5.el9.rocky.0.1	rockylinux-9	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date